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DETAILED ACTION 

Response to Arguments 

1 . Applicant's arguments with respect to claims 1-8,10,1 1 and 14-24 have been 
considered but are moot in view of the new ground(s) of rejection. 

2. The allowability of claims 12 and 13 have been withdrawn. New claims 25 and 
26 corresponding to claims 12 and 13 are rejected accordingly. 

Claim Rejections - 35 USC §112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claims 12,13,18-20,25,26 are rejected under 35 U.S.C. 112, second paragraph, 
as being indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. 

With regard to claim 12, it is unclear what is the operational connection between 
the step of "performing NAT on the packet using the entry in the translation table" in 
lines 21-22 which is within the step of "performing NAT on the packet" in lines 8 and 15- 
16, and the steps of "identifying one of the plurality of routing tables to route the packet 
using the information in indicating one of the plurality of routing tables to route the 
packet; identifying an entry in the identified one of the plurality of routing tables using 
the IP destination address; and routing the packet using the identified routing table 
entry" in lines 9-13. That is, how is the NAT using the entry in the translation table differ 
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from an entry in the identified one of the plurality of routing tables using the IP 
destination address, and whether the routing the packet using the identified routing 
table entry, also uses the entry in the translation table. Similarly in claim 25. 

Claims 13 and 26 are rejected because they are dependent from rejected claims 
12 and 25. 

With regard to claim 18, it is unclear how updating the plurality of sets of routing 
information comprises updating a single routing table. Is the plurality of sets of routing 
information all within the one routing table? 

Claims 19 and 20 are rejected because they are dependent from rejected claim 

18. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1-8,10,11,14-16,18-24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Matsuhira (EP 1 298 853) (provided by Applicant) in view of Knee et 
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al. (US 2002/0143787) and Badran ("Service Provider Networking Infrastructures with 
MPLS") (provided by Applicant). 

With regard to claims 1 and 22-24, Matushira discloses 

maintaining a plurality of routing tables (routing tables 501,502,503 in Fig. 8), 
each of a plurality of virtual private networks being associated with a different one of the 
plurality of routing tables (See VPN ID 1 and 2 in accommodating function 32 Fig. 8) 
VPNs with IDs 1 and 2 have its own routing table); 

receiving a packet (routing function 30 in Fig. 8), the packet including an IP 
source address and an IP destination address (source address 26 and destination 
address 27 in Fig. 2 or 28 and 29 respectively in Fig. 3), the packet further including 
information indicating one of the plurality of routing tables to route the packet (label 
field in Fig. 5); 

performing Network Address Translation on the packet (VPN to IP in Fig. 7); and 
identifying one of the plurality of routing tables to route the packet using the 
information indicating one of the plurality of routing tables to route the packet (See VPN 
ID 1 and 2 in accommodating function 32 Fig. 8) (VPNs with IDs 1 and 2 have its 
own routing table). 

However, Matushira fails to explicitly show 

identifying an entry in the identified one of the plurality of routing tables using the 
IP destination address; 
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routing the packet using the identified routing table entry; 

receiving a default route to a network device providing one or more shared 
services, the default route to the network device providing one or more shared services 
being advertised by the network device providing one or more shared services, wherein 
each of the shared services is available to each of the plurality of virtual private 
networks; and 

updating each of the plurality of routing tables to include the default route, 
thereby enabling the plurality of virtual private networks to access the shared services 
via the default route that is included in each of the plurality of routing tables. 

In an analogous art of routing tables, Knee discloses 

identifying an entry in the identified one of the plurality of routing tables using the 
IP destination address ("an IP destination address matches ... one entry in the 
routing table", para. [0007]); and 

routing the packet using the identified routing table entry ("... forward the 
packet according to the forwarding instructions associated with the entry having 
the most 'specific' matching routing table entry para. [0007]). 

In an analogous art of tag switching, Badran discloses 

receiving a default route (FIB table) to a network device providing one or more 
shared services, the default route to the network device providing one or more shared 
services being advertised (distribution) by the network device providing one or more 
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shared services ("BGP is a routing information distribution protocol that defines 
who can talk to whom using multi-protocol extensions and community attributes. 
VPN membership depends upon logical ports entering the VPN, where BPG 
assigns a unique RD. RDs are unknown to end users, making it impossible to 
enter the network on another access port and spoof a flow. Only pre-assigned 
ports are allowed to participate in the VPN. In an MPLS-enabled VPN, BGP 
distributes forwarding information base (FIB) tables about VPNs to only members 
of the same VPN, providing native security via logical VPN traffic separation", 
p.317, Section 3.3), wherein each of the shared services is available to each of the 
plurality of virtual private networks ("Using MPLS, service providers can deliver the 
IP VPN services that business demand across either switched or routed 
networks", p.312, Abstract); and 

updating (updating) each of the plurality of routing tables to include the default 
route, thereby enabling the plurality of virtual private networks to access the shared 
services via the default route that is included in each of the plurality of routing tables 
("BGP maps FIB tables to provider edge LSRs belonging to only a particular VPN, 
instead of updating all edge LSRs in the provider network", p.316, Section 3.3). 

At the time of the invention, it would have been obvious to a person of ordinary 
skill in the art to combine the teaching of Knee, with Matushira, for the benefit of 
address lookup efficiency. Knee, para. [0003]. It would have been obvious to a person 
of ordinary skill in the art to combine the teaching of Badran, with Matushira and Knee, 
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to take advantage of MPLS including Traffic Engineering and Quality of Service 
mechanisms. Badran, Abstract. 

With regard to claim 2, Matsuhira further discloses each of the plurality of virtual 
private networks is associated with a different customer (organization A,B,C, para. 
[0004]) (See VPN ID 1 and 2 in accommodating function 32 Fig. 8). 

With regard to claim 3, Matsuhira further discloses the network device is 
associated with an ingress interface of a service provider network (VPN edge router 20 
in Fig. 8). 

With regard to claim 4, Matsuhira further discloses the network device is 
associated with an egress interface of a service provider network (VPN edge router 20 
in Fig. 8). 

With regard to claim 5, Matsuhira further discloses the network device is 
associated with a service provider network (service providers, para. [0004]). 

With regard to claim 6, Matushira further discloses translating the IP source 
address from a private address to a public address when the packet is received from a 
network device in a private network ("... in the direction from Intranet to Internet, 
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any packet for communication in an Intranet is converted to a packet which can 
be processed in the Internet.", para. [0006])(See Also Fig. 7). 

With regard to claim 7, Matsuhira further discloses translating the IP destination 
address from a public address to a private address when the packet is received from a 
network device in a public network ("... in the direction from Intranet to Internet, any 
packet for communication in an Intranet is converted to a packet which can be 
processed in the Internet.", para. [0006])(See Also Fig. 7). 

With regard to claim 8, Matsuhira further discloses the network device in the 
public network provides one or more services to each of the plurality of virtual private 
networks (service providers, para. [0004]). 

With regard to claim 10, the combination of Matushira, Knee and Badran 
discloses the method as recited in claim 1 . Matushira further discloses identifying the 
one of the plurality of routing tables associated with the ascertained virtual private 
network (See VPN ID 1 and 2 in accommodating function 32 Fig. 8). 

Badran further discloses the packet includes an MPLS tag indicating a virtual 
private network ("Using MPLS, service providers can deliver the IP VPN services 
that business demand across either switched or routed networks", p. 31 2, 
Abstract), and wherein identifying one of the plurality of routing tables comprises: 
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ascertaining the virtual private network from the MPLS tag ("to enable the delivery of 
VPN services", p.312, Abstract). 

At the time of the invention, it would have been obvious to a person of ordinary 
skill in the art to combine the teaching of Knee, with Matushira, for the benefit of 
address lookup efficiency. Knee, para. [0003]. It would have been obvious to a person 
of ordinary skill in the art to combine the teaching of Badran, with Matushira and Knee, 
to take advantage of MPLS including Traffic Engineering and Quality of Service 
mechanisms. Badran, Abstract. 

With regard to claim 1 1 , the combination of Matushira, Knee and Badran 
discloses the method as recited in claim 10. 

Badran further discloses the MPLS tag further identifies the network device 
responsible for performing NAT and routing the packet ("MPLS ... Labels indicate 
both routes and service attributes", p. 31 2, Abstract). 

At the time of the invention, it would have been obvious to a person of ordinary 
skill in the art to combine the teachings of Badran, with Matushira and Knee, for the 
advantages of MPLS including Traffic Engineering and Quality of Service mechanisms. 
Badran, Abstract. 

With regard to claim 14, Matushira discloses 

maintaining a plurality of routing tables (routing tables 501,502,503 in Fig. 8), 

each of a plurality of virtual private networks being associated with a different one of the 
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plurality of routing tables (See VPN ID 1 and 2 in accommodating function 32 Fig. 8) 
VPNs with IDs 1 and 2 have its own routing table); 

receiving a packet (routing function 30 in Fig. 8), the packet including an IP 
source address and an IP destination address (source address 26 and destination 
address 27 in Fig. 2 or 28 and 29 respectively in Fig. 3), the packet further including 
information indicating one of the plurality of routing tables to route the packet (label 
field in Fig. 5); 

performing Network Address Translation on the packet (VPN to IP in Fig. 7); and 
identifying one of the plurality of routing tables to route the packet using the 
information indicating one of the plurality of routing tables to route the packet (See VPN 
ID 1 and 2 in accommodating function 32 Fig. 8) (VPNs with IDs 1 and 2 have its 
own routing table). 

However, Matushira fails to explicitly show 

identifying an entry in one of the plurality of routing information using the IP 
destination address and the information indicating one of the plurality of sets of routing 
information ; 

routing the packet using the identified entry; 

receiving a default route to a network device providing one or more shared 
services, the default route to the network device providing one or more shared services 
being advertised by the network device providing one or more shared services, wherein 
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each of the shared services is available to each of the plurality of virtual private 
networks; and 

updating each of the plurality of routing information to include the default route, 
wherein each of the plurality of sets of routing information corresponding to each of the 
plurality of virtual private networks is stored in one or more routing tables, thereby 
updating the one or more routing tables associated with the plurality of virtual private 
networks to include the default route to the network device providing one or more 
shared service available to each of the plurality of virtual private networks, enabling the 
plurality of virtual private networks to access the shared services via the default route 
that is included in each of the plurality of routing tables. 

In an analogous art of routing tables, Knee discloses 

identifying an entry in the identified one of the plurality of routing information 
using the IP destination address ("an IP destination address matches ... one entry 
in the routing table", para. [0007]); and 

routing the packet using the identified routing table entry ("... forward the 
packet according to the forwarding instructions associated with the entry having 
the most 'specific' matching routing table entry para. [0007]). 

In an analogous art of tag switching, Badran discloses 

receiving a default route (FIB table) to a network device providing one or more 
shared services, the default route to the network device providing one or more shared 
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services being advertised (distribution) by the network device providing one or more 
shared services ("BGP is a routing information distribution protocol that defines 
who can talk to whom using multi-protocol extensions and community attributes. 
VPN membership depends upon logical ports entering the VPN, where BPG 
assigns a unique RD. RDs are unknown to end users, making it impossible to 
enter the network on another access port and spoof a flow. Only pre-assigned 
ports are allowed to participate in the VPN. In an MPLS-enabled VPN, BGP 
distributes forwarding information base (FIB) tables about VPNs to only members 
of the same VPN, providing native security via logical VPN traffic separation", 
p.317, Section 3.3), wherein each of the shared services is available to each of the 
plurality of virtual private networks ("Using MPLS, service providers can deliver the 
IP VPN services that business demand across either switched or routed 
networks", p.312, Abstract); and 

updating (updating all edge LSRs) each of the plurality of routing tables to 
include the default route, thereby updating the one or more routing tables associated 
with the plurality of virtual private networks (See VPN ID 1 and 2 in accommodating 
function 32 Fig. 8) (VPNs with IDs 1 and 2 have its own routing table) to include the 
default route to the network device providing one or more shared service available to 
each of the plurality of virtual private networks, enabling the plurality of virtual private 
networks to access the shared services via the default route that is included in each of 
the plurality of routing tables ("BGP maps FIB tables to provider edge LSRs 
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belonging to only a particular VPN, instead of updating all edge LSRs in the 
provider network", p.316, Section 3.3). 

At the time of the invention, it would have been obvious to a person of ordinary 
skill in the art to combine the teaching of Knee, with Matushira, for the benefit of 
address lookup efficiency. Knee, para. [0003]. It would have been obvious to a person 
of ordinary skill in the art to combine the teaching of Badran, with Matushira and Knee, 
to add security. Badran, p.316, 3.3. MPLS VPN Security. 

With regard to claim 15, Matushira further discloses each of the plurality of sets 
of routing information corresponding to each of the plurality of virtual private networks is 
stored in a separate routing table (See VPN ID 1 and 2 in accommodating function 
32 Fig. 8) (VPNs with IDs 1 and 2 have its own routing table). 

With regard to claim 16, Matushira further discloses each of the plurality of sets 
of routing information corresponding to each of the plurality of virtual private networks is 
stored in a single routing table (See VPN ID 1 and 2 in accommodating function 32 
Fig. 8) (VPNs with IDs 1 and 2 have its own routing table), wherein each entry in the 
routing table includes a VPN identifier identifying the corresponding one of the plurality 
of virtual private networks (VPN ID 1 and 2). 
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With regard to claim 18, Matushira further discloses updating (updating) a single 
routing table to include default route ("BGP maps FIB tables to provider edge LSRs 
belonging to only a particular VPN, instead of updating all edge LSRs in the 
provider network", p.316, Section 3.3). 

With regard to claim 19, Matushira further discloses the single routing table is 
dedicated to storing the default route (FIB) to shared services available to each of the 
plurality of virtual private networks ("BGP maps FIB tables to provider edge LSRs 
belonging to only a particular VPN, instead of updating all edge LSRs in the 
provider network", p.316, Section 3.3). 

With regard to claim 20, Matushira further discloses the single routing table 
stores the plurality of sets of routing information (a table has more than one entry). 

With regard to claim 21 , Matushira further discloses updating (updating) a 
plurality of sets of routing tables to include the default route (FIB), each of the plurality 
of routing tables being associated with a different one of the plurality of virtual private 
networks (See VPN ID 1 and 2 in accommodating function 32 Fig. 8) (VPNs with 
IDs 1 and 2 have its own routing table). 

Conclusion 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Blanche Wong whose telephone number is 571-272- 
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3177. The examiner can normally be reached on Monday through Friday, 830am to 
530pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Blanche Wong/ 
Examiner, Art Unit 2419 
June 3, 2009 

/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2419 



